Contact Us

Main Content

What is a Security Event?

Information Security’s (Security) sole responsibility is preventing unauthorized access to SIU networks, systems, and devices. Security is also responsible for protecting the sensitive information stored in University devices and systems, and shared between them. For this reason, most security events are detected by our Security team or by a diligent LAN Administrator.

A “security event” occurs when a student, faculty, or staff member recognizes that a technology device or system is functioning in a way that seems “out of the norm”—enough so that our security team is notified. Our security team may observe the situation and resolve the problem, or do a more thorough investigation to identify if there has been an attempt to break through the security mechanisms the University has in place to protect our systems; our students, faculty, and staff; our sensitive information; and our financial assets. If analysis by the security team determines that an event is a threat to, breach of, or damage created by malicious software or hackers, we escalate the event status to a security breach.

The following are examples of security breaches:

Intrusion into any University system without authorization.

Access to or theft of confidential or sensitive data.

Access or damage to data using malicious software such as virus or malware.

Loss or theft of University-owned devices must be reported to Information Security immediately.

Security events at SIU should be reported and investigated to determine if an event requires an official “notification of exposure” as determined by SIU policy; contract agreements; state or federal law; or regulations such as FERPA, HIPAA, PCI. It is important to report suspected events promptly, so Security can determine if the event is a problem that needs to be resolved, or if the event is an actual security breach. Urgency in reporting and in taking action is essential, as a major security breach will certainly result in a loss of trust in the University by our students, faculty, staff, vendors, and community. Failure to report an event may result in disciplinary action, legal action, and/or fines from regulatory entities.